Forum Discussion
NimbostratusIRule Geolocation CA showing in logs as EU
I have an iRule that is blocking traffic from every country except for United States, Canada and Mexico. I have a log that shows those being blocked. An IP being checked is showing on IP address checkers as CA, but in the logs, shows EU. Why will it not show the IP as being from Canada?
We are using BIG-IP 11.1.0 Build 2268.0 Hotfix HF5.
Thanks, Deni
9 Replies
Vitaliy_SavransNacreous
Do you use the latest geolocation base?
~ geoip_lookup ip_addressshows wich country?
djkromarekYes. I have downloaded and installed the latest version and it tests fine.
shaggyHi Deni, Can you try the geoip_lookup command referenced above? It should show exactly what the F5's geolocation database is returning for that IP and should help determine if the database is different from what you expect. The following resource should also help you in validating and reporting an inaccuracy in the database: http://support.f5.com/kb/en-us/solutions/public/12000/800/sol12866.html
- djkromarek
I will verify the database, but the link you referenced is what I followed immediately before posting my question.
- djkromarek
query results in opening database in ./F5GeoIP.dat Error:Failed to access GeoIP memory-map Error initializing GeoIP database ./F5GeoIP.dat
With that, it looks like I downloaded it incorrectly, but I followed the instructions in the referenced link and everything checked out okay then? I will try the update again.
Thanks
- Arie
Altostratus
Are you by any change running multiple BIG-IPs? If I'm not mistaken you have to manually update the database on all units.
- djkromarek
I found the file. And found re-installed. If I run the command suggested in the instructions I get:
geoip_lookup -f /shared/GeoIP/F5GeoIPOrg.dat 65.61.115.197opening database in /shared/GeoIP/F5GeoIPOrg.dat size of geoip database = 200569742, version = GEO-148 20140703 Build 1 Copyright (c) F5 Networks Inc All Rights Reserved geoip_seek = 0186dd6e geoip record ip = 65.61.115.197 name = f5 networks
but when I try to run the same command for an IP that shows in the logs as EU but should be US, I get this: geoip_lookup -f /shared/GeoIP/F5GeoIPOrg.dat 198.135.124.30 opening database in /shared/GeoIP/F5GeoIPOrg.dat size of geoip database = 200569742, version = GEO-148 20140703 Build 1 Copyright (c) F5 Networks Inc All Rights Reserved geoip_seek = 00c9652c geoip record ip = 198.135.124.30 name = ipv4 address block not managed by the ripe ncc
And when I look at the files in the /shared/GeoIP/ folder, the F5GeoIP.dat file is only 32B and looks to be a shortcut?
- djkromarek
We do have multiple BIG-IPs and I have installed the update on both. And on both units when running the command for lookup I get the same response for the 198 IP address.
Thanks, Deni
- djkromarek
Even though the query you had me run failed consistently, your note about making sure to install on both seemed to have worked. It is now reading CA correctly. Thank you very much for your help.
Thanks, Deni
